The untaint() function is used when the data-tainting
security model is in effect. See Chapter 20, JavaScript Security for details on this security model.
JavaScript automatically associates taint with data values
that are potentially private, and which should not be
"stolen" by scripts. If you need to allow these values to
be exported by scripts, you must use untaint() to
make untainted copies.

untaint() does not remove from the taint the value it is
passed; instead, it returns an untainted copy of that value,
or an untainted reference to that value for object types.
(Note that taint is associated with primitive values and
with references to objects, not with the objects
themselves.)

Sometimes taint is carried not by data values, but by the
control flow of a program. In this case, you may need to
remove taint from an entire window in which JavaScript code
runs. You can do this by calling untaint() with no
arguments. Note, however, that you can only do this if the
window carries only the taint of the script that calls
untaint(). If the window has been tainted by
other scripts, it cannot be untainted.